Vulnerabilities > Mozilla > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-18 | CVE-2004-0762 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | 5.0 |
| 2004-08-18 | CVE-2004-0761 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | 5.0 |
| 2004-08-18 | CVE-2004-0760 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | 6.4 |
| 2004-08-18 | CVE-2004-0759 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag. | 6.4 |
| 2004-08-18 | CVE-2004-0758 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | 5.0 |
| 2004-03-15 | CVE-2004-0191 | Cross-Site Scripting vulnerability in Mozilla Browser Zombie Document Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. network mozilla | 6.8 |
| 2003-06-16 | CVE-2003-0300 | Denial-Of-Service vulnerability in Pine The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. network low complexity microsoft mozilla mutt qualcomm stuart-parmenter sylpheed university-of-washington ximian | 5.0 |
| 2002-12-31 | CVE-2002-2359 | Cross-Site Scripting vulnerability in Mozilla 1.0/1.1 Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | 4.3 |
| 2002-12-31 | CVE-2002-2338 | Improper Input Validation vulnerability in multiple products The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | 5.0 |
| 2002-12-31 | CVE-2002-2314 | Improper Input Validation vulnerability in Mozilla 1.0 Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | 5.0 |